Community discussions

MikroTik App
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Unable to get simple subnet routing to work.

Tue Aug 23, 2022 9:27 am

I have a single router, port 1 is nat'd to the internet. Port 2 is address 192.168.88.1/24, and port 3 is address 192.168.2.1/24.

All hosts on each subnet has a default route set to the .1 address in its subnet. i.e. host 192.168.88.23 has a default gateway to 192.168.88.1.

All hosts can access the internet correctly. and hosts in 88.1 can ping ip 192.168.2.1, but not any other host in the 2.x subnet, and vice versa is the same.

I am pretty confident, that without any additional static routes, that 88.x hosts should be able to access 2.x hosts as they are on the same router, and Mikrotik rules forwards by default.

What am I missing, why can these two subnets not see each other?

I have reset the router config to nothing, and just created the essential addresses and masquerade rule, nothing else. So no rules are blocking the traffic.

I setup the same config in a GNS3 simulator, and it worked as expected.

Did the default security settings in the Router OS change?
 
elbob2002
Member Candidate
Member Candidate
Posts: 252
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 10:19 am

Can you post your config?

export hide-sensitive
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 10:45 am

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-CBN password=\
    ********* user=*******
/ip address
add address=192.168.2.1/24 interface=ether5 network=192.168.2.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-CBN
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 10:55 am

Your pared-back configuration requires me to ask something you could’ve shown straightforwardly: are these three ports still bridged together, as they presumably are in the default configuration for whatever device you’re using?

The full (but sanitized) configuration would’ve answered both questions.
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 11:01 am

As I wrote in my original post, I reset the configuration to nothing, then entered just these commands, so there is no bridging.
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 11:12 am

What makes you think they should be able to see eachother?
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 11:19 am

By my understanding, subnets on different ports on the same router can see each other. As I recall, the default rules on a MIkrotik are to forward packets between these ports/subnets.

Are you saying they should not by default be able to see each other? If so, what routes do I setup so they can see each other?
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 2:04 pm

What does "/ip/route/print" say?
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 2:42 pm

 
 0 ADS  0.0.0.0/0                          pppoe-CBN                 1
 1 ADC  *.*.*.*/32   *.*.*.*  pppoe-CBN                 0
 2 ADC  192.168.2.0/24     192.168.2.1     ether5                0
 3 ADC  192.168.88.0/24    192.168.88.1    ether2              0
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 3:31 pm

That output shows that "simple subnet routing" does work as you expect. All those dynamic routes ("D") are what you were expecting RouterOS to add for you.

(Incidentally, you can drop the "network=192.168.88.0" type stuff from your "/ip/address/add" commands. It's implicit from the host IP and the mask.)

These clients of yours…they wouldn't happen to be Windows boxes, would they? It blocks ping by default, for the past few major releases. Unblocking instructions.
 
MarkLFT
just joined
Topic Author
Posts: 22
Joined: Mon Apr 23, 2012 7:22 am

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 3:37 pm

Ok, so I am not going mad. The subnet routing should work with that simple configuration.

One of the test hosts is a Windows, but I also testing with a Mac and a Raspberry Pi running the latest Pi OS.

So, now I am at a loss. The router seems ok, the router config seems ok. Will look at unblocking ping on the Windows system, but that does not explain the Mac and Pi.

Thanks for your help. Back to the drawing board.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Unable to get simple subnet routing to work.

Tue Aug 23, 2022 5:07 pm

I would next look at routing on the clients, presumably learned via DHCP. The ping packet may get to the client from the router, that doesn't tell you that the client then knows how to get the reply back to the router.

The command varies: "ip route" on modern Linux, "netstat -r" on BSDish OSes, "route print" on Windows… They're all functionally equivalent to the RouterOS command above.

Who is online

Users browsing this forum: Bolendox, LeoNaXe and 38 guests